Traffic from port 0
-
Yeah that really should not be possible.. If I had to guess, I would say their client is out of available ports to use for source.. If I recall, when an application creates its socket it asks for a port, and this could be done via port 0, which the system should then bind to an open source port to use..
Are you seeing a lot of that traffic?
Looks to be a mail server out of Italy.. are you in that region of the world?
;; ANSWER SECTION:
222.0.229.2.in-addr.arpa. 86400 IN PTR mail.hilex.it.
Some law firm maybe?
If you're not in that area - they shouldn't be talking to you anyway.. ntp pool makes more sense to query ntp servers in your area.. asking something on the other side of the planet for time is not going to be the best accuracy ;)
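An added example, not part of the original posts: the first function shows that binding to port 0 makes the OS pick a real, non-zero source port, and `classify` flags UDP datagrams that still arrive with source port 0, as the NTP queries discussed here do. The function names and sample packets are constructed for illustration.

```python
import socket
import struct

NTP_PORT = 123
NTP_MODE_CLIENT = 3  # low 3 bits of the first NTP byte

def port_assigned_for_bind_zero():
    """Bind a UDP socket to port 0 and return the port the OS really assigned."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))      # 0 means "pick any free port for me"
        return s.getsockname()[1]     # the actual source port, never 0

def build_udp(sport, dport, payload):
    """Build a UDP header plus payload (checksum 0 = not computed, IPv4 only)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify(segment):
    """Label a raw UDP segment the way a firewall rule or log filter might."""
    if len(segment) < 8:
        return "malformed"
    sport, dport, _length, _csum = struct.unpack("!HHHH", segment[:8])
    payload = segment[8:]
    is_ntp_client = (
        dport == NTP_PORT
        and len(payload) >= 48
        and payload[0] & 0x07 == NTP_MODE_CLIENT
    )
    if sport == 0:
        return "ntp-client-src-port-0" if is_ntp_client else "src-port-0"
    return "ntp-client" if is_ntp_client else "other"

# Constructed sample data: a minimal 48-byte NTP client request (LI=0, VN=4, mode=3).
NTP_REQUEST = bytes([0x23]) + bytes(47)
SAMPLES = {
    "normal ntp query": build_udp(49152, NTP_PORT, NTP_REQUEST),
    "ntp query from port 0": build_udp(0, NTP_PORT, NTP_REQUEST),
    "other udp from port 0": build_udp(0, 5353, b"x"),
    "truncated": b"\x00\x00\x00",
}

if __name__ == "__main__":
    print("bind(0) gave source port", port_assigned_for_bind_zero())
    for name, seg in SAMPLES.items():
        print(f"{name}: {classify(seg)}")
```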
-
Yes, I'm from Italy
-
Ah - well then that makes more sense then.. Maybe you could reach out to them and tell them hey their ntp prob not going to be working if they are asking from source port 0 ;)
-
Yeah, that was my intention, but before that I wanted to understand what it was all about
-
Unless their box has been compromised.. Is prob just an issue on the box..
That would be very nice of you to let them know.. Cuz yeah nobody really going to be answering their ntp queries.. Not from that source port.
The trick will be getting someone to even look at your emails ;) Not all companies monitor abuse email addresses, but since that IP says it's mail for a company.. You might be able to reach their IT dept..
They should for sure buy you a beer if you help them out like that ;) hehehehe
-
The problem is that his email server is down, and his web site is also down (it was working an hour ago, now it's telling me "There is no SSL certificate configured for this domain."). I will wait some hours, maybe they are doing something; eventually I can contact his ISP
-
@johnpoz said in Traffic from port 0:
mail.hilex.it
Their cert is hosed, if they don't care about that, I wonder if they'll even care about the offending host.
It may be something you have to ignore.
-
Well their email server being down prob would be, yeah, an issue with the ports if asking for stuff from source 0..
I was just on their website though, at least I believe it's theirs.. Different IP.
http://hilex.it/
But yeah https is down on that site - certs got the wrong freaking domain on it ;) My guess is they need some IT help... hehehehehe
-
Maybe he can be a new customer
-
That would be great story for sure!
So found a new customer to support, yeah they were sending out shit traffic that my firewall blocked.. So I contacted them about it - now I provide their IT support... heheeheheh
That for sure should be posted somewhere... How monitoring your firewall logs can find you new customers ;)